
Trojan-spy.html.smitfraud.c

dyray

Posted 19 April 2005 - 10:00 AM


Windows XP machine running very slowly and can't open any programs. I'm getting a black screen and it seems like programs are trying to run. There are a few programs on the machine that run automatically when Windows is started, and their boxes open up, but I'm unable to close them using the "X" in the top right corner.

I did not notice the "Hijack this Log" that someone had posted for their machine until after I tried using the following fix for the problem. Being that this was my first time to this website, I did not realize that you had to post the Hijack This Log and after breaking my parents' computer even more so than it was, I realized that each post is for the specific machines and not a general fix.

_________________________________________________

These are the instructions that I followed:

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard (found this and removed it)

Virtual Maid (this program was not there)

Search Maid (this program was not there)

Exit Add/Remove Programs.

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

wp.exe

Exit Task Manager.

* Click Here to download Killbox by Option^Explicit. (was able to download killbox)
* Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
* In the killbox program, select the Delete on Reboot option.
* In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:

C:\wp.exe

C:\wp.bmp

C:\Windows\sites.ini

C:\Windows\popuper.exe

C:\Windows\System32\helper.exe

C:\Windows\System32\intmonp.exe

C:\Windows\System32\msmsgs.exe

C:\Windows\System32\ole32vbs.exe

C:\Windows\system32\msole32.exe

(typed in all of these with the delete at reboot option)

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

Reboot into normal mode. (this is where I stopped b/c the system rebooted into normal mode but is now running very slowly and is not allowing me to do anything)

* Download and install Registrar Lite version 2.00
* Double click the purple Registrar Lite icon on your desktop.
* Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

* Click the "Go" button.
* It will take you into the "Policies" folder.
* Locate the "System" folder (in the right panel)
* If found, right-click on the System folder and go to Delete
* Be very careful that you only delete the System folder that is inside the Policies folder.

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log.

______________________________________________________________

I showed the steps that I took at the top of the "fix" and what the results were for each step. I'm wondering if I can do a System Restore and Restore to an earlier point. The problem that I was having at first is that I downloaded some spyware removal s/w but the system would not let me install it at all. I downloaded SpyFighter and Microsoft Antispyware (I think), but am not able to install any programs.

The computer now has a black screen when it starts up, it appears to be loading the icons that normally load along the taskbar at the right of the screen, but when I click something (anything) nothing happens. I can't close out any of the pop-ups or any of the programs that start up automatically when Windows starts up.